[pound2 0005296]: long RSA Keys can't be loaded - SSL_CTX_use_PrivateKey_file failed - aborted -- 2.7, REV=2015.02.25

Mantis Bug Tracker noreply at opencsw.org
Thu Feb 9 15:52:53 CET 2017 

The following issue has been CLOSED 
====================================================================== 
https://www.opencsw.org/mantis/view.php?id=5296 
====================================================================== 
Reported By:                tomww
Assigned To:                dam
====================================================================== 
Project:                    pound2
Issue ID:                   5296
Category:                   other
Reproducibility:            have not tried
Severity:                   minor
Priority:                   normal
Status:                     closed
Resolution:                 open
Fixed in Version:           
====================================================================== 
Date Submitted:             2017-02-07 15:48 CET
Last Modified:              2017-02-09 15:52 CET
====================================================================== 
Summary:                    long RSA Keys can't be loaded -
SSL_CTX_use_PrivateKey_file failed - aborted -- 2.7,REV=2015.02.25
Description: 
It looks like 4096 bit RSA keys can't be used with the 2.7 version of
pound
Loading config fails with:
"SSL_CTX_use_PrivateKey_file failed - aborted"
====================================================================== 

---------------------------------------------------------------------- 
 (0011237) tomww (reporter) - 2017-02-09 15:38
 https://www.opencsw.org/mantis/view.php?id=5296#c11237 
---------------------------------------------------------------------- 
The experimental package in version 2.8a has been successfully used in SSL
mode.

During testing it revealed that the "SSL_CTX_use_PrivateKey_file failed -
aborted" was not the fault of pound 2.7. While the command line openssl
verify was happy with the combined *.pem file, the pound 2.8a config check
wasn't.
Only re-issuing the *key / *crt / combined *pem file helped that pound via
library access to openssl libraries successfully verified and accepted the
*.pem file. The error most likely was a mistake in preparing the *pem
file.

Key-length used in the second attempt was 2048bit.

Diff between pound 2.7 and 2.8 seen by the Changelog is only:
 ------------------------------------------------------------------------
+r82 | roseg | 2016-10-23 16:59:47 +0200 (Sun, 23 Oct 2016) | 8 lines
+
+Release 2.8a
+
+Enhancements:
+    - removed DynScale flag and support
+
+Bug fixes:
+    - fixed potential request smuggling via fudged headers
+
+------------------------------------------------------------------------
+r81 | roseg | 2015-01-26 17:47:53 +0100 (Mon, 26 Jan 2015) | 30 lines
+
+Release 2.7
+
[...]

More information about the bug-notifications mailing list